If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Services Behind Linksys Routers

Alright. So recently, we've have some questions about how to get access to a computer that is behind a router. The general consensus is that its impossible. Luckily for us, its not. In fact, its actually pretty easy. This tutorial is going to be pretty short, but by the end of it you should be able to set up any linksys router to allow a computer to run a service.

Attached are screenshots to help you see what's going on, and what many of the pages should look like. They're in the .png format, but you shouldn't have any trouble with them. If you would like them in another format, PM me and I'll send them to you.

It should be possible to do similiar things with a Netgear router, but I cannot be sure. At the moment, I do not have access to any Netgear routers, so I will not be able to give exact instructions. If you know your way around the router, you'll be able to figure out what you're looking from from this tutorial.

[edit]
I have since been told that Netgear routers work almost the same way, with almost the same steps as follows. Using this as a guide, it looks like you shouldn't have any problems with it...just adapt the steps slightly. Thanks Axeman!
[/edit]

For this tutorial/walkthrough, we'll be using my home network. Here's the basic information that we'll need:
There are two routers, both Linksys.
The first one, closest to the internet, is a wireless router downstairs
The second one, in my room, is a regular four-port linksys router.
There are two subnets, really. The two subnets are created by the two routers. Subnet two lies entirely under router two, while subnet one lies entirely under router one. Router two is a part of both subnets, since it is hooked up to both. The first one has three assigned addresses, Sally, Davids_Desktop, and 000625F5AFB3. We can ignore Sally and Davids_Desktop. Below are the crucial IP Addresses that we'll need to know:

Alright, so we're ready to begin. First of all, you need to know exactly how to make connect to your router so that you can make the needed changes. On a linksys router, the default base address is 192.168.1.1. If it has been changed, it will most likely be the base address for the range that you're using. I.E.

The Range of IP Address is 224.123.41.101-224.123.41.110 The address you want to use is PROBABLY at 224.123.41.1

Type the appropriate address into your web browser, and hit Go. A password prompt will come up. The default is no user name, password admin. If its been changed, enter it accordingly. The page that comes up should look something like screenshot1, which is attached. If it doesn't look exactly like that, its fine, don't worry about it. They differ between the exact settings and the exact router. As long as its close, we're okay.

Start at the router that is closest to your computer, the one that your computer plugs directly into. Connect to that router, and then click on Status, which is one of the tabs near the top of the page. It should look like screenshot two. From there, click on "DHCP Clients Table" this will give you a listing of all of the IP Addresses that are hooked up to that router. See screenshot 3.

requiem 192.188.1.101 00-08-74-E2-BD-67 Is the computer that I am on, and the one that I'm interested in. The IP address is 192.188.1.101. Now, if you also happen to be doing all of these things from the computer that you want to run a service off of, then you can skip that last step. Go ahead and instead just look at the Status page. The first thing under WAN is your IP Address, which is still 192.188.101 The order may vary between exact routers, but it'll be on there.

Take note of the IP address, and also make sure that you've noted exactly what the gateway IP Address is. If this is the only router on the network, you don't have to worry about a this.

From there, go on over and click on Advanced. See screenshot4. From Advanced, click on Forwarding, or Port Forwarding. Screenshot5. From here, you just need to know the IP Address that you want it sent to, and the port that it will be running on. Fill it out accordingly, and any request for a service directed to the router will be forwarded to the computer behind it.

Tada! You can now run SSH, FTP, or nearly any other service* behind the router.

*NOTE: With Linksys routers, it is NOT recommended that you run webservers this way. Since many changes are made to the router using a small webserver, and access through port 80, any port requests that are sent to the router will go to your computer instead. It will become next to impossible to make further changes.

Continue with the same procedure until you reach the router that connects directly to the internet. From this point on, however, you'll want to forward the ports to the routers, only forward it to your computer at the very end. While it is possible to forward directly to your computer, it often causes problems with the subnet, and it is not recommended if you are new to this.

If you do all of this, you shouldn't have any problems running a few services behind a router.

*NOTE: With Linksys routers, it is NOT recommended that you run webservers this way. Since many changes are made to the router using a small webserver, and access through port 80, any port requests that are sent to the router will go to your computer instead. It will become next to impossible to make further changes.

I can't believe that to be true..

With port forwarding, it forwards from the WAN side.... so if someone on the internet wants to connect to your web server through your router on port 80, thats OK.

If you need to configure your router more via web interface... then simply point your web browser to the LAN interface. http://192.168.0.1:80 or whatever

That *shouldn't* forward to your webserver... linksys can't be dumb enough to actaully forward ALL requests to port 80 to the webserver... can they?

Otherwise... pretty good tutorial!

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

phishphreek80 is correct - internally, the router will recognize that you are accessing it's web interface setup - from the outside world, requests on port 80 are forwared to the webserver. I've got a Linksys at my house and for a brief period of time ran a webserver from one of my internal machines. I had no problems connecting to the web interface setup and outsiders had no problems connecting to the webserver.

Further, even if you screwed the router's config there is always the handy reset button on the router!

I could see the webserver issue causing a problem only if you are a complete moron who throws caution to the wind.

By default Linksys routers only listen for internal requests to port 80, so anything coming in over the internet would be treated like all other data and forwarded to the correct destination. However, there is an advanced option to enable the router to listen for port 80 requests on the WAN port. If you enabled this option, then you are going to see some conflicts. The router is going to want to answer the request, yet if you have port forwarding, it'll also want to forward the request. I'm not sure which would take precidence in that case.

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

HTRegz---That's the dilemna, now isn't it? I haven't personally tried it, and I'm not sure how it would react to an internal call. It may stop you from making adjustments, it may not. Maverick says it won't....thanks for that bit of information. ;-)

HT, that is only if you want to allow people from the WAN side to access your config page.

Why on earth would you want to do that?

I could see if you can config ACLs to only allow certain IPs to access it... but with linksys... its all or nothing.

And... I'm guessing that by your choice of words... you're saying you've got to be a complete moron to set it up this way? Because... thats what I'd think too...

So, unless you are a complete moron... then you should have no problems!

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Originally posted here by phishphreek80 HT, that is only if you want to allow people from the WAN side to access your config page.

Why on earth would you want to do that? I could see if you can config ACLs to only allow certain IPs to access it... but with linksys... its all or nothing.

I agree, but like I said only if you were a complete moron who throws caution to the wind, other than that you won't run into any problems.... I was just giving the case where it could possibly cause a problem.

[Edit]

Wow you edit as I post... see great minds do think alike

[/Edit]

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".